A significant problem facing the Internet community is that on-line businesses and organizations are vulnerable to malicious attacks. Recently, attacks have been committed using a wide arsenal of attack techniques and tools targeting both the information maintained by the on-line businesses and their IT infrastructure. Hackers and attackers are constantly trying to improve their attacks to cause irrecoverable damage, overcome currently deployed protection mechanisms, and so on.
Attacks and attack attempts are executed against servers and clients at different layers (e.g., a network layer and an application layer). Attacks have become more sophisticated and their scope has also increased. That is, a multitude of infected machines and groups of organized attackers take part in coordinated attack campaigns. Thus, it has become a significant challenge to secure online businesses and organizations against targeted attack campaigns.
As a result, organizations and businesses lose revenue due to security-related downtime, information theft, and the compromise of confidential information. Consequently, the organizations and businesses suffer immeasurable damage to their brand and image. In many cases, even after the attack has stopped, the remediation process can be long and expensive. That is, it may take a long time to restore the services/applications provided by the attacked site to proper functioning.
Currently available security systems cannot guarantee full protection against a vast number of cyber threat categories and the numerous attack vectors that exist to execute such threats. As a result, when a site is under attack, a portion of the site or the entire site may be idle, and legitimate clients cannot access the servers of the site, or they experience a very low service response time (high latency).
Examples of cyber attacks include denial-of-service (DoS) and intrusion types of attacks. An intrusion type of attack is typically performed by injecting malware code into servers in the site. The malware code is often downloaded by a legitimate client and can be used against the client in a couple of ways. For example, the malware can be used to expose the client's confidential information and/or used to take control over the client's computer to perform other malicious activities. Other types of cyber attacks include buffer overflow attacks, misuse of computing resources, and the like. Types of web-directed attacks include, for example, web defacement attacks, cross-site scripting attacks, and so on.
Although there are various security systems designed to detect, prevent, or mitigate cyber attacks, there is no security system that can fully guarantee that such attacks will not succeed in negatively impacting the sites' services, and that clients of the site will not be affected. Thus, when a site is under attack, there is always a chance that the Quality of Service (QoS) will be compromised and the service-level agreement (SLA) cannot be guaranteed to the site's users.
It would therefore be advantageous to provide an efficient solution that would ensure the guaranteed SLA to the site's trusted clients even when the site is under attack and even though some of the security systems cannot guarantee the detection and prevention of the attacks against the site.